all remediations will have an alert and investigation for it, additional filters to narrow down the results. Also, all email remediations follow a consistent framework i.e. Utilizing a new action focused, this capability helps SecOps to track and manage remediation actions through a single unified experience which saves time. The Excel spreadsheet available for download.We are extremely happy to announce that all email related actions, taken automatically or manually by the security teams via the various Microsoft Defender for Office 365 and Microsoft 365 Defender experiences, are now available in the unified Action Center. Hopefully, you will find these as useful as I have:) The list is not 100% accurate but good for a start. You can find results from the picture and Excel spreadsheet. Intelligent Security Graph aka Microsoft Security Graph API
Another drive was a need to investigate the possibility of integration directly between security solution API and 3rd party SIEM/SOAR. In my opinion, APIs related information is shattered in the Microsoft documentation which was one of the main reasons for this blog post. Another use case would be reporting capabilities. This approach is suitable for organizations that don’t have Azure Sentinel in place or don’t have a license for all the security features.
External integrations and available APIs have been one of the covered topics on the way.Įven though, Intelligent Security Graph (ISG) provides API where you can get all the alerts from the security providers there might be a reason why you need to make integration directly with the security solution itself, such as with Microsoft Defender ATP (MDATP). Recently, I have spent a lot of time investigating Microsoft 365 security solutions capabilities. Update 09/18/20 – Microsoft Threat Protection (MTP) API’s added
0 kommentar(er)
